@swc/core — Greenflagged

Super-fast alternative for babel

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

kdy1

Keywords

swcswcpackbabeltypescriptrustwebpacktsc

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:request	AI (dependencies): The `request` package is used during install to fetch prebuilt binaries; it is a well-known HTTP client and its use here is consistent with the package's install flow.	ai	2026/04/24
install-scripts	install-script:install	AI (install-scripts): @swc/core is a native Rust binding; install script fetches prebuilt binaries or builds via neon. Standard for this package.	ai	2026/04/24
phantom-deps	phantom-dep:neon-cli	AI (phantom-deps): neon-cli is used as a CLI tool in install/build scripts, not imported in JS. Expected for neon-based native bindings.	ai	2026/04/24
bogus-package	bogus-package	AI (bogus-package): @swc/core is a major ecosystem package (43M downloads); sparse metadata in early versions is not a spam signal.	ai	2026/04/24
phantom-deps	phantom-dep:@swc/core-linux-x64-gnu	AI (phantom-deps): Platform-specific optional dependency for NAPI native binding; declared in napi config and loaded conditionally at runtime.	ai	2026/04/24
phantom-deps	phantom-dep:@swc/core-linux-x64-musl	AI (phantom-deps): Platform-specific optional dependency for NAPI native binding; declared in napi config and loaded conditionally at runtime.	ai	2026/04/24
phantom-deps	phantom-dep:@swc/core-win32-x64-msvc	AI (phantom-deps): Platform-specific optional dependency for NAPI native binding; declared in napi config and loaded conditionally at runtime.	ai	2026/04/24
phantom-deps	phantom-dep:@swc/core-linux-arm64-gnu	AI (phantom-deps): Platform-specific optional dependency for NAPI native binding; declared in napi config and loaded conditionally at runtime.	ai	2026/04/24
phantom-deps	phantom-dep:@swc/core-win32-ia32-msvc	AI (phantom-deps): Platform-specific optional dependency for NAPI native binding; declared in napi config and loaded conditionally at runtime.	ai	2026/04/24
phantom-deps	phantom-dep:@swc/core-linux-arm64-musl	AI (phantom-deps): Platform-specific optional dependency for NAPI native binding; declared in napi config and loaded conditionally at runtime.	ai	2026/04/24
phantom-deps	phantom-dep:@swc/core-win32-arm64-msvc	AI (phantom-deps): Platform-specific optional dependency for NAPI native binding; declared in napi config and loaded conditionally at runtime.	ai	2026/04/24
phantom-deps	phantom-dep:@swc/core-linux-arm-gnueabihf	AI (phantom-deps): Platform-specific optional dependency for NAPI native binding; declared in napi config and loaded conditionally at runtime.	ai	2026/04/24
phantom-deps	phantom-dep:@swc/core-darwin-x64	AI (phantom-deps): Platform-specific optional dependency for NAPI native binding; declared in napi config and loaded conditionally at runtime.	ai	2026/04/24
phantom-deps	phantom-dep:@swc/core-freebsd-x64	AI (phantom-deps): Platform-specific optional dependency for NAPI native binding; declared in napi config and loaded conditionally at runtime.	ai	2026/04/24
phantom-deps	phantom-dep:@swc/core-darwin-arm64	AI (phantom-deps): Platform-specific optional dependency for NAPI native binding; declared in napi config and loaded conditionally at runtime.	ai	2026/04/24
phantom-deps	phantom-dep:@swc/core-android-arm64	AI (phantom-deps): Platform-specific optional dependency for NAPI native binding; declared in napi config and loaded conditionally at runtime.	ai	2026/04/24
provenance	no-provenance	AI (provenance): @swc/core is a long-established, high-trust package; absence of Sigstore provenance is not a risk signal here.	ai	2026/04/24
typosquat	typosquat.levenshtein:cors	AI (typosquat): @swc/core is a major scoped package under the @swc org, not a typosquat of 'cors'. The Levenshtein match is purely coincidental and will never be a real signal for this package.	ai	2026/04/24
semgrep	semgrep:child-process-import	AI (semgrep): child_process is used only to run 'ldd --version' to detect musl libc for binary selection; hardcoded, benign, and stable for this package.	ai	2026/04/23
phantom-deps	phantom-dep:@swc/counter	AI (phantom-deps): @swc/counter is a same-org runtime dependency declared in package.json dependencies; phantom-dep detection is a false positive here.	ai	2026/04/23
install-scripts	install-script:postinstall	AI (install-scripts): @swc/core uses postinstall to select the correct platform-specific prebuilt native binary via NAPI-RS; this is the documented and stable install flow for this package.	ai	2026/04/23
semgrep	semgrep:child-process-execsync	AI (semgrep): execSync('ldd --version') is a hardcoded, benign musl detection check in binding.js; stable false positive for this native binding package.	ai	2026/04/23
semgrep	semgrep:dynamic-require	AI (semgrep): Dynamic require in index.js loads either a user-specified binding override or ./binding.js; standard NAPI-RS pattern, stable for this package.	ai	2026/04/23

Versions (showing 17 of 217)

Show 66 prereleases

Version	Deps	Published
1.2.23	4 / 19	2020-09-08
1.2.22	4 / 19	2020-08-30
1.2.11	4 / 18	2020-08-02
1.2.6	4 / 18	2020-06-21
1.1.58	4 / 18	2020-06-13
1.1.30	4 / 17	2020-02-29
1.1.24	4 / 17	2020-02-15
1.1.15	5 / 16	2020-01-24
1.1.7	5 / 14	2019-12-22
1.1.4	5 / 14	2019-12-09
1.0.40	5 / 13	2019-04-11
1.0.30	5 / 13	2019-02-28
1.0.26	5 / 10	2019-02-25
1.0.18	5 / 10	2019-02-18
1.0.16	5 / 10	2019-02-18
1.0.14	5 / 8	2019-02-16
1.0.12	5 / 8	2019-02-15